Service Broker Security Overview

Service Broker is a new technology introduced in SQL Server 2005 that brings asynchronous messaging services closer to the database engine, allowing you to build reliable, asynchronous queued database applications. A message can originate at one instance and can possibly be received at another SQL Server 2005 instance. The security features in Service Broker guarantee that the conversation is secure and that the unauthorized databases are not able to send Service Broker messages.

When you create an endpoint to be used for Service Broker communication, the default value for the ENCRYPTION option is REQUIRED, which indicates that endpoint must use encryption. Therefore, to connect to this endpoint, another endpoint must have ENCRYPTION set to either SUPPORTED or REQUIRED. The Service Broker transport authentication can be based on certificates or SSPI.

Service Broker security is based on certificates. A certificate is used to verify the identity of a remote database and to identify the local database principal for the operation. Service Broker uses the public key associated with the local database principal to decrypt the information received from the remote server. If it is able to decrypt the information, the remote database contains the private key that corresponds to the public key in the local certificate associated with the principal. After this verification, the remote database can act with the permissions of the local database principal that owns the certificate that contains the public key for the remote database.

SQL Server Service Broker and its security features are described in Chapter 14.